
I created an Azure AD B2C tenant and added applications to it. After running the application, it allows me to enter a username and password, but when I click login it throws an error:

inner exception = null: invalid_resource;AADSTS500011: The resource principal named api://8e82b4f2-4962-4b66-a6f5-76667400cfed was not found in the tenant named. This can happen if the application has not been installed by the administrator of the tenant or consented to by any user in the tenant. You might have sent your authentication request to the wrong tenant.

I am using this library: MSAL Mobile Flutter Plugin. I have followed all the steps described by the documentation on the plugin, and on the Azure portal, but end up with that error. And I am logging in with users from the same tenant.

What am I doing wrong?

blackbird
  • If my answer is helpful for you, you can accept it as the answer (click on the check mark beside the answer to toggle it from greyed out to filled in). This can be beneficial to other community members. Thank you. – Carl Zhao Sep 25 '20 at 11:51
  • Thank you @CarlZhao will check it – blackbird Sep 25 '20 at 12:00

1 Answer

I can easily reproduce your problem.

An AAD B2C tenant is somewhat different from an AAD tenant. I noticed that the sample you refer to is for AAD. If you use an AAD B2C tenant, its scope should be:

`https://zhaozhub2c.onmicrosoft.com/0ffde1a6-04d2-440e-87a5-d9fd69dbxxxx/mytest`.

Please note that you cannot use the client credential flow for Azure B2C because Azure B2C requires user login. I used the ROPC flow to test and it works well.

Carl Zhao
  • Hi @CarlZhao, can you show the right way of doing it using `AAD Tenant`? – blackbird Sep 26 '20 at 05:33
  • @blackbird If you need to use an AAD tenant, then you must create an AAD tenant (or you must have an AAD tenant), and then the next process is consistent with the link you provided, or you can refer to my previous answer. My method may be a bit troublesome. I am using the client credential flow by modifying the "manifest". https://stackoverflow.com/questions/63716379/cant-authorize-token-from-client-credentials-authentication-microsoft-ad/63716916#63716916 – Carl Zhao Sep 28 '20 at 02:30
  • If you feel that the method I provided is a bit troublesome, you can also use the method in the link you provided. You only need to change all the parameters of the login request to the AAD tenant. If you encounter problems during the operation, please feel free to ask me, I will reply to you as soon as possible. – Carl Zhao Sep 28 '20 at 02:36
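
The scope format discussed in the answer above can be checked before a login request is sent. The following Python sketch is an added example, not part of the original answer or of the MSAL Mobile Flutter Plugin; the helper names `scope_problems` and `check_scopes`, the tenant `contoso.onmicrosoft.com` and the GUID are constructed for illustration.

```python
from urllib.parse import urlsplit

# OpenID Connect scopes carry no resource identifier, so they are skipped.
OIDC_SCOPES = {"openid", "profile", "email", "offline_access"}


def scope_problems(scope, tenant_domain):
    """Problems found in one scope string; an empty list means it has the
    B2C form https://<tenant>.onmicrosoft.com/<app-id>/<scope-name>."""
    parts = urlsplit(scope)
    scheme = parts.scheme.lower()
    if scheme == "api":
        # The shape that produced AADSTS500011 in the question.
        return ["api:// resource identifier (AAD-style), not the B2C form"]
    if scheme != "https":
        return ["no https:// resource identifier in front of the scope name"]
    problems = []
    host = (parts.hostname or "").lower()
    if not host.endswith(".onmicrosoft.com"):
        problems.append("host is not a <tenant>.onmicrosoft.com domain")
    elif host != tenant_domain.lower():
        problems.append(f"host {host} is not the configured tenant {tenant_domain}")
    segments = [s for s in parts.path.split("/") if s]
    if len(segments) != 2:
        problems.append("path is not /<app-id>/<scope-name>")
    return problems


def check_scopes(scopes, tenant_domain):
    """Map each non-OIDC scope that fails the check to its list of problems."""
    report = {}
    for scope in scopes:
        if scope.lower() in OIDC_SCOPES:
            continue
        found = scope_problems(scope, tenant_domain)
        if found:
            report[scope] = found
    return report


if __name__ == "__main__":
    # Constructed sample values; the tenant name and GUID are placeholders.
    tenant = "contoso.onmicrosoft.com"
    app_id = "11111111-2222-3333-4444-555555555555"
    requested = ["openid", f"api://{app_id}/mytest", f"https://{tenant}/{app_id}/mytest"]
    for scope, found in check_scopes(requested, tenant).items():
        print(scope, "->", "; ".join(found))
```

Running such a check in a build step or at application start surfaces a mismatched scope before it reaches the token endpoint.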